35a540d34eb343d4e2a60581dbf11d676bfd2e8a2766eb1a87395cf97278b852

Analysis

max time kernel
120s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f294153519a0ed8339b961457d1f440N.exe
Size

468KB
MD5

9f294153519a0ed8339b961457d1f440
SHA1

7cb2a6933e2b8899a9c4aae99bf8ff97ced47836
SHA256

35a540d34eb343d4e2a60581dbf11d676bfd2e8a2766eb1a87395cf97278b852
SHA512

abb25cb95cb27990abf61dca41463b82644c8f14070fc2ca42e04b176fdd0885c4e8d0a73ece3a0ffde549dda846b669f7982b2246ee386e7166e394326b4e80
SSDEEP

3072:WqFCoxL+je8RBbYkPz5jofLenstpIpPrmHqkVW340VG9hfNYfl4:WqAoQvRB3P1jofl0Jv408vfNY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4916	Unicorn-58939.exe
1092	Unicorn-43475.exe
2268	Unicorn-7081.exe
3096	Unicorn-54243.exe
2564	Unicorn-18041.exe
4328	Unicorn-21379.exe
4848	Unicorn-23416.exe
608	Unicorn-12738.exe
640	Unicorn-34097.exe
3504	Unicorn-45987.exe
552	Unicorn-17953.exe
1796	Unicorn-31688.exe
3020	Unicorn-37554.exe
1416	Unicorn-18441.exe
1652	Unicorn-18441.exe
4804	Unicorn-30331.exe
2312	Unicorn-20553.exe
1676	Unicorn-24083.exe
3392	Unicorn-7746.exe
4308	Unicorn-15915.exe
692	Unicorn-34672.exe
2992	Unicorn-31872.exe
4624	Unicorn-4601.exe
3220	Unicorn-65307.exe
4576	Unicorn-6329.exe
3084	Unicorn-6594.exe
5096	Unicorn-49665.exe
2452	Unicorn-8522.exe
3520	Unicorn-8522.exe
3624	Unicorn-39851.exe
3588	Unicorn-40043.exe
1100	Unicorn-26203.exe
1052	Unicorn-59953.exe
3036	Unicorn-27088.exe
4860	Unicorn-13353.exe
3372	Unicorn-51977.exe
3040	Unicorn-38241.exe
2592	Unicorn-60219.exe
5088	Unicorn-3042.exe
3468	Unicorn-43883.exe
3564	Unicorn-11402.exe
8	Unicorn-52435.exe
1476	Unicorn-27846.exe
3052	Unicorn-52627.exe
4932	Unicorn-46497.exe
4652	Unicorn-2082.exe
636	Unicorn-47754.exe
1464	Unicorn-51018.exe
1892	Unicorn-59451.exe
3264	Unicorn-34755.exe
3728	Unicorn-34490.exe
1776	Unicorn-9488.exe
3892	Unicorn-47946.exe
1528	Unicorn-3063.exe
1656	Unicorn-3063.exe
1904	Unicorn-51387.exe
2348	Unicorn-51387.exe
1648	Unicorn-31521.exe
2380	Unicorn-56026.exe
3580	Unicorn-23545.exe
4204	Unicorn-53442.exe
3824	Unicorn-19675.exe
1044	Unicorn-65346.exe
1768	Unicorn-3530.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
8188	5628	WerFault.exe	187
6600	6064	WerFault.exe	262
16060	15064	WerFault.exe
15828	15088	WerFault.exe	693

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34755.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15628	dwm.exe
Token: SeChangeNotifyPrivilege	15628	dwm.exe
Token: 33	15628	dwm.exe
Token: SeIncBasePriorityPrivilege	15628	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2480	9f294153519a0ed8339b961457d1f440N.exe
4916	Unicorn-58939.exe
1092	Unicorn-43475.exe
2268	Unicorn-7081.exe
3096	Unicorn-54243.exe
4328	Unicorn-21379.exe
4848	Unicorn-23416.exe
2564	Unicorn-18041.exe
608	Unicorn-12738.exe
640	Unicorn-34097.exe
3504	Unicorn-45987.exe
3020	Unicorn-37554.exe
1796	Unicorn-31688.exe
552	Unicorn-17953.exe
1416	Unicorn-18441.exe
1652	Unicorn-18441.exe
4804	Unicorn-30331.exe
1676	Unicorn-24083.exe
2312	Unicorn-20553.exe
3392	Unicorn-7746.exe
4308	Unicorn-15915.exe
692	Unicorn-34672.exe
2992	Unicorn-31872.exe
5096	Unicorn-49665.exe
3084	Unicorn-6594.exe
4624	Unicorn-4601.exe
3220	Unicorn-65307.exe
4576	Unicorn-6329.exe
2452	Unicorn-8522.exe
3520	Unicorn-8522.exe
3624	Unicorn-39851.exe
3588	Unicorn-40043.exe
1100	Unicorn-26203.exe
1052	Unicorn-59953.exe
3036	Unicorn-27088.exe
3372	Unicorn-51977.exe
3040	Unicorn-38241.exe
4860	Unicorn-13353.exe
3564	Unicorn-11402.exe
5088	Unicorn-3042.exe
8	Unicorn-52435.exe
3468	Unicorn-43883.exe
2592	Unicorn-60219.exe
1476	Unicorn-27846.exe
4932	Unicorn-46497.exe
3052	Unicorn-52627.exe
636	Unicorn-47754.exe
3892	Unicorn-47946.exe
3264	Unicorn-34755.exe
1776	Unicorn-9488.exe
3728	Unicorn-34490.exe
1892	Unicorn-59451.exe
1464	Unicorn-51018.exe
4652	Unicorn-2082.exe
1656	Unicorn-3063.exe
1648	Unicorn-31521.exe
2380	Unicorn-56026.exe
1904	Unicorn-51387.exe
2348	Unicorn-51387.exe
1528	Unicorn-3063.exe
4204	Unicorn-53442.exe
3580	Unicorn-23545.exe
2400	Unicorn-18833.exe
3496	Unicorn-34978.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 4916	2480	9f294153519a0ed8339b961457d1f440N.exe	89
PID 2480 wrote to memory of 4916	2480	9f294153519a0ed8339b961457d1f440N.exe	89
PID 2480 wrote to memory of 4916	2480	9f294153519a0ed8339b961457d1f440N.exe	89
PID 4916 wrote to memory of 1092	4916	Unicorn-58939.exe	92
PID 4916 wrote to memory of 1092	4916	Unicorn-58939.exe	92
PID 4916 wrote to memory of 1092	4916	Unicorn-58939.exe	92
PID 2480 wrote to memory of 2268	2480	9f294153519a0ed8339b961457d1f440N.exe	93
PID 2480 wrote to memory of 2268	2480	9f294153519a0ed8339b961457d1f440N.exe	93
PID 2480 wrote to memory of 2268	2480	9f294153519a0ed8339b961457d1f440N.exe	93
PID 1092 wrote to memory of 3096	1092	Unicorn-43475.exe	95
PID 1092 wrote to memory of 3096	1092	Unicorn-43475.exe	95
PID 1092 wrote to memory of 3096	1092	Unicorn-43475.exe	95
PID 4916 wrote to memory of 2564	4916	Unicorn-58939.exe	96
PID 4916 wrote to memory of 2564	4916	Unicorn-58939.exe	96
PID 4916 wrote to memory of 2564	4916	Unicorn-58939.exe	96
PID 2268 wrote to memory of 4328	2268	Unicorn-7081.exe	97
PID 2268 wrote to memory of 4328	2268	Unicorn-7081.exe	97
PID 2268 wrote to memory of 4328	2268	Unicorn-7081.exe	97
PID 2480 wrote to memory of 4848	2480	9f294153519a0ed8339b961457d1f440N.exe	98
PID 2480 wrote to memory of 4848	2480	9f294153519a0ed8339b961457d1f440N.exe	98
PID 2480 wrote to memory of 4848	2480	9f294153519a0ed8339b961457d1f440N.exe	98
PID 3096 wrote to memory of 608	3096	Unicorn-54243.exe	101
PID 3096 wrote to memory of 608	3096	Unicorn-54243.exe	101
PID 3096 wrote to memory of 608	3096	Unicorn-54243.exe	101
PID 1092 wrote to memory of 640	1092	Unicorn-43475.exe	102
PID 1092 wrote to memory of 640	1092	Unicorn-43475.exe	102
PID 1092 wrote to memory of 640	1092	Unicorn-43475.exe	102
PID 2564 wrote to memory of 3504	2564	Unicorn-18041.exe	103
PID 2564 wrote to memory of 3504	2564	Unicorn-18041.exe	103
PID 2564 wrote to memory of 3504	2564	Unicorn-18041.exe	103
PID 2268 wrote to memory of 552	2268	Unicorn-7081.exe	104
PID 2268 wrote to memory of 552	2268	Unicorn-7081.exe	104
PID 2268 wrote to memory of 552	2268	Unicorn-7081.exe	104
PID 4916 wrote to memory of 1796	4916	Unicorn-58939.exe	105
PID 4916 wrote to memory of 1796	4916	Unicorn-58939.exe	105
PID 4916 wrote to memory of 1796	4916	Unicorn-58939.exe	105
PID 2480 wrote to memory of 3020	2480	9f294153519a0ed8339b961457d1f440N.exe	106
PID 2480 wrote to memory of 3020	2480	9f294153519a0ed8339b961457d1f440N.exe	106
PID 2480 wrote to memory of 3020	2480	9f294153519a0ed8339b961457d1f440N.exe	106
PID 4328 wrote to memory of 1416	4328	Unicorn-21379.exe	108
PID 4328 wrote to memory of 1416	4328	Unicorn-21379.exe	108
PID 4848 wrote to memory of 1652	4848	Unicorn-23416.exe	107
PID 4328 wrote to memory of 1416	4328	Unicorn-21379.exe	108
PID 4848 wrote to memory of 1652	4848	Unicorn-23416.exe	107
PID 4848 wrote to memory of 1652	4848	Unicorn-23416.exe	107
PID 608 wrote to memory of 4804	608	Unicorn-12738.exe	109
PID 608 wrote to memory of 4804	608	Unicorn-12738.exe	109
PID 608 wrote to memory of 4804	608	Unicorn-12738.exe	109
PID 3096 wrote to memory of 2312	3096	Unicorn-54243.exe	110
PID 3096 wrote to memory of 2312	3096	Unicorn-54243.exe	110
PID 3096 wrote to memory of 2312	3096	Unicorn-54243.exe	110
PID 640 wrote to memory of 1676	640	Unicorn-34097.exe	111
PID 640 wrote to memory of 1676	640	Unicorn-34097.exe	111
PID 640 wrote to memory of 1676	640	Unicorn-34097.exe	111
PID 3020 wrote to memory of 3392	3020	Unicorn-37554.exe	112
PID 3020 wrote to memory of 3392	3020	Unicorn-37554.exe	112
PID 3020 wrote to memory of 3392	3020	Unicorn-37554.exe	112
PID 3504 wrote to memory of 4308	3504	Unicorn-45987.exe	113
PID 3504 wrote to memory of 4308	3504	Unicorn-45987.exe	113
PID 3504 wrote to memory of 4308	3504	Unicorn-45987.exe	113
PID 1092 wrote to memory of 692	1092	Unicorn-43475.exe	114
PID 1092 wrote to memory of 692	1092	Unicorn-43475.exe	114
PID 1092 wrote to memory of 692	1092	Unicorn-43475.exe	114
PID 2480 wrote to memory of 2992	2480	9f294153519a0ed8339b961457d1f440N.exe	115

C:\Users\Admin\AppData\Local\Temp\9f294153519a0ed8339b961457d1f440N.exe
"C:\Users\Admin\AppData\Local\Temp\9f294153519a0ed8339b961457d1f440N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8522.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        10⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        11⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        11⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        10⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        10⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        9⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        9⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
        9⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe
        10⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        10⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        9⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        9⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
        9⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        8⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        8⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        10⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        10⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        9⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
        9⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        8⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        8⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        8⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        8⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
        7⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
        8⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
        7⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        9⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        9⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        9⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        8⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52019.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        8⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        9⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        8⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        7⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        7⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23465.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        9⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        9⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
        9⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        9⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        8⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        7⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        10⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        9⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        8⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe
        8⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        7⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        7⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        7⤵
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
        6⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        7⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        6⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        7⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        7⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        7⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        6⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        5⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
        9⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        10⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        10⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        10⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        8⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        7⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        6⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
        8⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        8⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
        7⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        8⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        7⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        7⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
        6⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        7⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        9⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        9⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        8⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        8⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20209.exe
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe
        8⤵
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        8⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        7⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        7⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        6⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61890.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        6⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        6⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        5⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
        5⤵
        
        PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27091.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        8⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        7⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        6⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        6⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11961.exe
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        5⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        7⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        6⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        5⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        5⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        5⤵
        
        PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
      4⤵
      PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        5⤵
        
        PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
      4⤵
      PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
      4⤵
      PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        9⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        10⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        9⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        9⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30596.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        7⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        7⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        8⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        8⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        8⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        7⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        7⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        7⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        6⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27579.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        6⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        5⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        5⤵
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        6⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
        8⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        7⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12881.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10617.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        7⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
        6⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        6⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        5⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
        5⤵
        
        PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19139.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        6⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
        6⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        6⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59137.exe
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        5⤵
        
        PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
      4⤵
      PID:15436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
      4⤵
      PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26851.exe
        9⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        8⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        7⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        7⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        7⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        6⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4272.exe
        5⤵
        
        PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
      4⤵
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        6⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        7⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        7⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        6⤵
        
        PID:15088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15088 -s 440
        7⤵
        Program crash
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46707.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
      4⤵
      PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
      4⤵
      PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34755.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57475.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
        7⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        6⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
        5⤵
        
        PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
      4⤵
      PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        5⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        5⤵
        
        PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
      4⤵
      PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
      4⤵
      PID:15220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
        5⤵
        
        PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        5⤵
        
        PID:14152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
      4⤵
      PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49642.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
      4⤵
      PID:8500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
      4⤵
      PID:6472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
    3⤵
    PID:8156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
    3⤵
    PID:15392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
    3⤵
    PID:8040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        8⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        9⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        8⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        7⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        7⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        6⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61915.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        7⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41889.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        7⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        6⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        6⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        5⤵
        Executes dropped EXE
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29483.exe
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        7⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        7⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        7⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        7⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        6⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
        5⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12906.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        5⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        5⤵
        
        PID:15496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
      4⤵
      PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
      4⤵
      PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
      4⤵
      PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
      4⤵
      PID:3568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40016.exe
        7⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        7⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        6⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        7⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        6⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        6⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        5⤵
        
        PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
        5⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        7⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        6⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        5⤵
        
        PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
      4⤵
      PID:12640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
      4⤵
      PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10633.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        7⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        6⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        5⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        5⤵
        
        PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4254.exe
        5⤵
        
        PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
      4⤵
      PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        5⤵
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12647.exe
      4⤵
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51018.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        6⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        7⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        6⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
        5⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        6⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        5⤵
        
        PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
      4⤵
      PID:6064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 632
        5⤵
        Program crash
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
      4⤵
      PID:15992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
    3⤵
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
      4⤵
      PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
      4⤵
      PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
    3⤵
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
      4⤵
      PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
      4⤵
      PID:6888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
    3⤵
    PID:10912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
    3⤵
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
    3⤵
    PID:8492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8522.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        6⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 632
        7⤵
        Program crash
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
        7⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        6⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        6⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
        6⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        7⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        6⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
      4⤵
      PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        5⤵
        
        PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
      4⤵
      PID:12056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
      4⤵
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
      4⤵
      Executes dropped EXE
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
        6⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        6⤵
        
        PID:13628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        6⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        5⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        5⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        5⤵
        
        PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
      4⤵
      PID:1516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10665.exe
    3⤵
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
      4⤵
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        5⤵
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
      4⤵
      PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
      4⤵
      PID:14904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
      4⤵
      PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
      4⤵
      PID:7132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
    3⤵
    PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
    3⤵
    PID:12792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
    3⤵
    PID:8964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
        7⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        7⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        6⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        5⤵
        
        PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        6⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        5⤵
        
        PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
      4⤵
      PID:13396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
    3⤵
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
      4⤵
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52579.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        5⤵
        
        PID:14964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
      4⤵
      PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
      4⤵
      PID:15860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
    3⤵
    PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26851.exe
        5⤵
        
        PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
      4⤵
      PID:11540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
      4⤵
      PID:15864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35088.exe
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
      4⤵
      PID:16476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
    3⤵
    PID:10008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
    3⤵
    PID:15508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
    3⤵
    PID:2928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        6⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
        6⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        5⤵
        
        PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        6⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        5⤵
        
        PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
      4⤵
      PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
      4⤵
      PID:13696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        5⤵
        
        PID:728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
        5⤵
        
        PID:13080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
      4⤵
      PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59227.exe
        5⤵
        
        PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
      4⤵
      PID:13888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
    3⤵
    PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
      4⤵
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
      4⤵
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51930.exe
    3⤵
    PID:9168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
    3⤵
    PID:13748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
    3⤵
    PID:2616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
    3⤵
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        5⤵
        
        PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        5⤵
        
        PID:15064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15064 -s 248
        6⤵
        Program crash
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
      4⤵
      PID:15912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
    3⤵
    PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
      4⤵
      PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
      4⤵
      PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
    3⤵
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe
      4⤵
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
    3⤵
    PID:13608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
  2⤵
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
    3⤵
    PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
      4⤵
      PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
      4⤵
      PID:5224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
    3⤵
    PID:9708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
    3⤵
    PID:14132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
  2⤵
  PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
    3⤵
    PID:12180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
    3⤵
    PID:5280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
  2⤵
  PID:10920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
  2⤵
  PID:13780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
  2⤵
  PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5628 -ip 5628
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6064 -ip 6064
1⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 15064 -ip 15064
1⤵
PID:15808

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe

Filesize
468KB

MD5
8ca8cec917c0878060fc64b62d981fea

SHA1
02b7c30174cfc5c4d2ac983e0fa09df19af5103a

SHA256
d0d2dc6fd6cb966e18ab20052aea8a290a4a287624c54c2763d1d054f2398478

SHA512
6ed4a67dcce35819e36479de5681185a6d1042b05f543378e95bf463f1c928c213967d591e724d5d6fbba59442e2b012ccbd48c736eb27694c31118735944644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe

Filesize
468KB

MD5
6ea05929d0bf1ab4c99618a258ceb0bd

SHA1
62105352b928382e2922c4f1e090637756bab1ed

SHA256
2dfac2b39d91a3dd5357b5bcf3c830b53e2468d262566688aa043105e2ace80a

SHA512
ee6d67160eaa9c8f1862a5815485ebda05ca26b6bf9e6eeb11cdccac4ea41359e8617950c5ea0d788ad8bb7d88420adeeeec9b46aa0f439f7a998b5813865dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe

Filesize
468KB

MD5
de639c127b963e1c7f7dead8cb5f9992

SHA1
606aa97b1293752b4aa6e1f651cb1f902dc0e156

SHA256
3e126b73b4be5b980eafffd269486e7feba01d38138972328a3239dce0c53b51

SHA512
52ddc661091a9dfebef93c1cd4a58111a8149605aab356cb2b6264beeaf3da45476eed35b241464c7a86a263596aec065c1f297fcc2faedbc4144c341908738d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe

Filesize
468KB

MD5
a706b5d114b5858a659336aad4a5d2b5

SHA1
509bd2ddaf111ba831df43b8dee3c445d2a74251

SHA256
4ab13d0ca0f6b152ff1071ba43b045c25cbaba15dcc2dc7de63c660dbb312f9b

SHA512
cf3dd1c0c910ffa076599db0c7e9a7e9b8370df3b23c9079e1efb722af45d5a5d98a4fa76419936e34c6d5adbd76867dd0e0fb81452d0a2b45e45c540607b0bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe

Filesize
468KB

MD5
61414caf5d20216bd7097d810bb06f64

SHA1
6122aafb3401e3d275365b7550cc670f1d15224f

SHA256
f1f351df8a8c637462944bea33b966a6a32ddc91b25547f17e36831a1c23efed

SHA512
0ee62e66204b7fa570852fbb5b6db185ec65b9cbe869eb835cad40ec94c1954393467875a8bcfb929dc9513d72a362b7be10a99237711a99729f3701a4d22039

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe

Filesize
468KB

MD5
a0bc9f3ab1f6004ccd8741816b083ea4

SHA1
86d3b1211957812cb58123cb87e99a40c4c2d471

SHA256
ea42c579606fb1a24be4ed70d2417386d480865d9764f3bc945a1247caa5a0c6

SHA512
edb7dbcc54c418a79571e23cf1a66edc568d48e447c7f22d569d81cf0350b9846726d1d64cbc6cd431c78608c1da8c824156ad457a6cb37a841f11ee99d1ae3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe

Filesize
468KB

MD5
1d05392a073e866e9b79b31a54bc7abd

SHA1
da1ee9208bb0d4a72cca3e1c1c954ae97c226c11

SHA256
d79310dd9b8c2cfa5e5c8fdfec08363eacccc2b476cb434142f4a8e1716f2470

SHA512
9972c5cc38f0ea6118c98e5c31898abef393013fb08b46b4d61bd39b8c25611aa2d111a422b9c04d23457d49b04292ce597f29f66498c374e02fd57c153eea07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe

Filesize
468KB

MD5
e59a67ced8f00f98f2049d3f2fef9199

SHA1
e7e91073296f7cd6ee643940732a6443ffbb06fa

SHA256
599515e78c303b4cc267581bec8357777741b219426683f5f9062fb91c121c5f

SHA512
de4f9cf84e02f79b90abb9ea56ffd8bfaf36377c51c7767258d20eadf99b1f68c9c199ec699cb9ad4d6105ec098bc3df21c3974112326063050bb94235647508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe

Filesize
468KB

MD5
da15aad4c176e5c5450b38dbbdc08e56

SHA1
32de8faf33039f3a979ef72f298574dfba89dfd7

SHA256
7c9030ad779e2209d12fa3d6817d37f2e491e58fda477e4bba60b2a4233c2425

SHA512
eb835ca94c3c306d09d81c546b2e34f5dce0d7517bb39f63a0cfd92e66ed07b0d7cecca36d7aff51f679f66362741c178ea7663ccfd4e0ccc7d2829cf7226a34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe

Filesize
468KB

MD5
b0a4f67293d4e308cb3d5de2d5140ed9

SHA1
a6b6aee84c758ec7a4326f5edafbb2c54486dac7

SHA256
8d01b212f6874b7d82942bf71691d96300020189dc61464fc4fb9f6623a7a29f

SHA512
9e7373e2a289dd7b0651da6354fc12bad35f2bce657c35ba9de4c4b286e3ab338d886c164e605aaad60b2cfeed1c6a77e81943c7b822e4a01114fbf7a504f649

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe

Filesize
468KB

MD5
4f4e0fbe2fda770538c75ec70a7008a7

SHA1
3242f4985177c0eabc38b4cb37247c713065cef0

SHA256
bfb07b7f3ef4aeb0daeee403eb3079c762ed59eaf032ac7be24b5e264ba0656c

SHA512
d3b9a0ffe6bfa024f0b57c9c78de82f09e9837ca40a6549d7b41f489157586c6b20b7233c1c1dc1fc5d3d799ad96e3fdbcb88695c7e24026eaba0f6b0cf35ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe

Filesize
468KB

MD5
7bd670dcfb2d287f72181a9c71879e7f

SHA1
7fa9dc8c7e1904c9b66311f14d6d7a48fed43ea3

SHA256
39c9415befc40b4d1b10c4207f891ff202236aac3324f63dadbfbdece859299e

SHA512
05db43c2031813898c287954895b3b196c91718a49ace0be4bc262a7e3c3ea10993a11b6c3cf136ed6464c96b46a8642de3eaabb96e8fd91c5e009198e08e613

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe

Filesize
468KB

MD5
f2c8da08e165d71eeb9391ae4696e05f

SHA1
d93237503069a6292cf58cd457526a97d2a0dbb7

SHA256
0f5c01a3a91ebfe904e600799dc85d8cbd3c12afc38e4d98dabc01916b8d6979

SHA512
e73cd3051d9a0c831e64efe39e98daa634eb9e3b13d932c3870e7d37c35a64d477eeedca0e9f7f8bce6ba0e2840d763fe5387044a17cb2d146e44f7fc4bb197d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe

Filesize
468KB

MD5
e7510f37101a2480b0c41325ad92a926

SHA1
e899e40ad9b260799368ea74dd735b49929ea2ad

SHA256
c8154228c18709e9ef2ef9fc3853547232b168b4313cb82e9cefa1f1a26f1e70

SHA512
9a11733d18bbb17a2efd3503bd39984da63aac79750c592fd12151369c2f5347a8fd147690f029e06da95d8547175916501dfc236ac2aac3d9124cd6c9388188

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe

Filesize
468KB

MD5
e98c6a7d33e5182bd52ee3ae9a573592

SHA1
7dbbf4ce97960a6d41e02750ab927cf66d969581

SHA256
0b007114579e8c1368274552baa077a635fb66d97856904ff6edac712a034d13

SHA512
18bc6d62958817ccfcdc4189c896bb16e3c1113bf93f54165bcb932d934bf42aad6f2fd0112333d6cbf8208ccc5e15118bed2385940c001d073827a397a63634

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe

Filesize
468KB

MD5
4cfb9838e5df9ae072b79b5802e96164

SHA1
c619c631f6f9e4f738a46ed6e2210c620a00db49

SHA256
26efe7beb1251660756a81caf7e23f5f30210cf016fb81dd848b920398393fe6

SHA512
85182f644a13f9a7108ef2ab0c1b21b448bae4ab2f7ef52bc617e562a23b850d989f0e37d176da336126805392ca5b3acd3a5f97a64aa9673df2ec4e92712a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe

Filesize
468KB

MD5
c9fdf78cfc866cf31697772f3ad3059c

SHA1
4148923e1172f60586cee72b1cc2d93d1a04dd22

SHA256
58f85c317b7c008052ff3702c301ddddab3adf030b4005d1c0db6bc09912186c

SHA512
cddc3b3abbc2c8614854e1a6d1bce3c9492add4fb74e06caffe37b70a7103a418f50923ac0323d9052d227c819f312837a5bf90b1d56fc18e73f19d25058a426

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe

Filesize
468KB

MD5
63cba13ba686c881b6acf7e84f17d8db

SHA1
7d1d1a09bccd98632f546851adf758f7fedc43a0

SHA256
adcbeb2e06b29d6cb94ebfcd6d4f938036064c746eb2993bc06be9d144e3b1d1

SHA512
a6eb74ea8d08bb405fd779fe06b5b4fc0531c4803a346954e69b67e996e914a699a3185fdcb1721c2d4285bbc93538db2ca6ee4ad6ca15674947cc3475ae3bcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe

Filesize
468KB

MD5
674814bcba9e6da465430040ca28aae6

SHA1
53b189a798ba40735233b83c4d41ba00ed06d8da

SHA256
a0c8c25e19fdafca146344a07593094915c26dae07f326c5cfb53bc2d7045783

SHA512
b88c3ac5923771d47422bfd86efd097b8fde7290e47898a1c7ec20da0ca2199558859fd30f922260cbd7e046994f4d13278c45933b327368c9f6c24e79f9c5f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe

Filesize
468KB

MD5
639c0b6795d2ebd65ce6f55750f3df37

SHA1
a759b540dd3a65097e6c56ff7c5093b5a20e81d2

SHA256
a61ad15b3cd68e79b9db1d11f76bf89b0c81e0f582321a400ea56c78be29a64d

SHA512
d491543f62dc42fd9e5203d3438d162c55b1f8f0ae9f1644fa45bed6725e81c23c39541a0256c4bda951deace6e6bbbfce2adb725ca4ba85fe2fb11b0cc9c306

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe

Filesize
468KB

MD5
da5227b1a7c1dde5051cadfb23c7cba9

SHA1
7fcc451d088a8ad447447289ccec034a668a3a65

SHA256
46c184ee3302fc91141fbd07cc04aba8959c8499ae677becb20e76d271506c72

SHA512
55a61e9fc1116ee375f99dccc6eeace140a4519b9cdab30e6949e7b0b8503c5c3d31219b86761bc24af45100ec54ad32d0a50a71bd6b06f39e7d2a64282c697a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe

Filesize
468KB

MD5
805ba620bde5df95e5ec0bdb3a35ef70

SHA1
34450b0f467eb5983f28f5e109773f40c20c7292

SHA256
a83051581e677279018cb9a555b83e17f5a3343c766b454de24e76e3e7b4618c

SHA512
7e9ff7d456a02bd499ab8251a55ea9fc510105843f6c92e889302356e8271f9a6bc1e1bf27604dced08bb8b7a1548d915a63a7789835f1defe32355425a3bcfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe

Filesize
468KB

MD5
f6a70417abf91cabe4afa65d281b79fa

SHA1
35a9332959cce10d58065132f920dd26c6b767d2

SHA256
9020414350021ee7a5049d06c93009073febf1fb92e5e0aa9227821e0f093be4

SHA512
3517d22a7ba04daa58d350b20836a96d164a59a4917d90a1c185b928ebfdc63a92055749edb2228c1f7d9a30fc1cb4b6fae448f0e32938b4123e1de0eba9389b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe

Filesize
468KB

MD5
41834d67f85a2f2eed3fbd30e9686451

SHA1
054db5bf7ba1bcf6c42b69dd9dd389585570fa65

SHA256
88d3645fd14cf2fab2f5a0bc6b1cbbbda1a8762459e4df6339c382a23dfcae4b

SHA512
2be43605f4956e3844c797b70685f3e47bb4c5c74ede4c796e2463dd5ac6ce250ab99fb043e07987383e6068e14aa27e872b1009da7548db8d2a179f8cc9907d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe

Filesize
468KB

MD5
98b2a4c18ab820e0cdb06a0889927ab9

SHA1
fda6788d9465943fd2fdd8f3720c524f5a47ec82

SHA256
636d578b19f7f022f93f532c3b987d3ff86ba402c0c63d85d37d88bd6fcd6ca1

SHA512
552d6289caddf79cae2b81e65cf5285e4382e86959343b4eb648fd2059f400107809adabcee69be78b23223114fdae0f008f99f95d0a01b051d33946fe384a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe

Filesize
468KB

MD5
0557b96d14778c51fc945a4f715b7086

SHA1
aa11bcf55ceb39e641026f55ce985a7e9c9007b2

SHA256
3f30e4475c65ac39b920f6bb2bf6025a8f182ab16252cbaacd0b9733770ff152

SHA512
7f5fd7e8d4cc47ed865bf3f33d547332c85b77574d340cdbcf1175b9c4730279bb680bf94344e492d5761150c5a90f06dbfaeca41793b5880345a6177c6f9a18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe

Filesize
468KB

MD5
e8ad2f49dd08623058d357bea6eaddbe

SHA1
badcf82db164a54fa13ce29ac155a02de99406f2

SHA256
1f54aa796a3c609a62d5345390e1f387d0a87209550896bf55e22f521df0aca7

SHA512
9b370900ea334e62d038ae3124462e4b1def86b3c2e9b082168408a777a5237aeab72997c3699d34c22f120a7e2fb7c71362ebaa9446573ffb399838ba3593d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe

Filesize
468KB

MD5
1dd1083c30ced3d6d036d6fff0dab01f

SHA1
e71dd43536c03a06c75931b42746f51fcc478cdc

SHA256
4ed18f3034dcfec01f32bd4e084073060182b8def735ad6d8375203c0dfdf7af

SHA512
a0f552f9fcb24d7a2f9dc593d7aabc17618461f47efecddf0f4a143bd43676e75d76f84a05884433055a296b86e4125bcdbcabfb867d729382cd8c4f55a946f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe

Filesize
468KB

MD5
4172a67aecadc126b7fc9e8a165a6b3e

SHA1
1a097561006e29e4896f85bc377e00c8853e09bd

SHA256
c138b05208a93ad05fffa6505a74a57a871f90db4b3092e4c588337786851525

SHA512
600f3952a7a3a9a298ce834fd25eaa85ed79d1d0bdb9769744936770dae97513893e3f9594fcacbef00fece17216bca7c12da476ae83d7336d32b8f6c1fc1e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe

Filesize
468KB

MD5
48f097e48ee376b99a0dc5b941d057ff

SHA1
bb082c991f3d7554a9a419ea9c64b73aeff91004

SHA256
a5f75dd95f06a4c87e2fbcbed166e97ce6dbd2b1e32800ed3d8def066786a4d8

SHA512
6f057263153715a3abd54fdd55995d330ba44510e5cf5a92fb5a7340b49bc241c946959c80457e7d4259aa8cfbf2f34ea479b1ee50fefa6fb88b842387e99a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8522.exe

Filesize
468KB

MD5
740f182e847d11891d126e4308a44df8

SHA1
81e5837482b58265101fc5db214352296036eaba

SHA256
2a66e436a5f81a75d2e2e84937c3f21360f199ff82f3b4cfdbdbbddc2f5b2b07

SHA512
8a8297d889de9509e474df20136b00bbfde09f198723b862e4b5c7292a4821e9aef780f8b6fddd8038cd59b6ad0c6432db14282a14b5c0822d208936c73d9216

Download Submit
memory/8-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/608-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/636-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/640-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/692-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/836-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1044-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1052-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1092-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1100-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1104-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1416-104-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1424-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1476-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1528-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1616-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1648-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-2728-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1676-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1748-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1768-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1796-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1904-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-2727-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2312-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2452-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2552-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2584-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2600-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-150-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3020-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3040-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3096-30-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3220-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3264-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3372-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3392-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3468-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3496-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3504-73-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3564-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3580-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3588-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-206-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3704-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3728-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3892-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4204-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-149-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4328-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4480-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4576-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-155-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4652-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4804-115-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4932-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5128-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5288-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5308-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5320-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5384-509-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5408-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5468-577-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5508-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5524-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5596-593-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5628-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5636-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5696-594-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5732-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5764-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5812-595-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5844-608-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5872-610-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5904-611-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14388-2718-0x0000000075620000-0x000000007569B000-memory.dmp

Filesize
492KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads